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Editorial 



It is undoubtedly a coincidence, but Just 
three weeks after our editorial appeared about 
moving, we were notified that WE were moving. 
There is something about moving that is, 
frankly, unsettling. 



Collection .1 

Cryptanalysls ■ ■■■I 

Cryptolingulstics. . . i^^^^^^ 
Information Science. I 

Language ■ V 

Machine Support. 
Mathematics 



I 



139618;) 
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(5 7118) 
rpsieia) 
<4681s) 
JK&5I8s) 



Puzzles David H. Williams Ttl03s) 

Special Research.. ..Vera R. Filby ( : ?119s) 

Traffic Analysis Don Taurone f\3 573s ) 



It ntust be said that the people one 
encounters when moving are quite friendly and 
helpful. The telephone people, for instance, 
must spend much of their time having to deal 
with people who are unhappy about having to 
move, yet they were sunny in disposition (more 
30 than I would be if my Job required me to 
deal continually with displaced persons) . And 
so, in fact, were all of the other folks we 
met along the trek. 



For subscriptions 


send name and organization 


to 




1 1 


or call 




3369s 







P.-L-, 



Moving can be an adventure. I have fond 
memories of long columns of desks, moving 
slowly at the command of column coordinators 
with walkie-talkies. And there are advantages 
to moving: it is a good time to throw away 
some of that accretion of stuff that I keep 
accumulating . 
!6-36 



To submit articles or letters 
via PLATFORM mail, send to 

cryptolg at barlc05 
(bar-one-c-zero-f ive) 
(note: no '0' in 'log') 



Besides, if [ 
LOG, June-July 
to move! So as 
roster 



~| *8 right (CRYPTO- 
1982, pZ5) , then Bomebody has 
long as whoever keeps the 
does it fairly, my turn will only come 
up every so often* Of course, if I could fig- 
ure out how that roster works, maybe by get- 
ting myself transfered at just the right time, 
I could stay in one place and let the new 
organization move in around me! 



Contents of Cryptolog should not be repro- 
duced, or further disseminated outside the 
National Security Agency without the permis- 
sion of the Publisher. Inquiries regarding Next month, something different... 
reproduction and dissemination should be 
directed to the Editor. 
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The Development and Correlation of 




arnlng indlcatore poamlata specific 
tc clone that a foreign power nay 
take prior to the Initiation of 
hoettlitiea. Indicator* at* 

4$h developed fron collected lntelli*- 
gence, hietorleal data, and the political and 
nilltary doctilae of a roreiga power. 

Indicator lists are Conned by correlat- 
ing indicator* under specific categories ! they 
are used by indlcationa and warning 
analysts as a tool to determine if a possible 
strategic warning environment la, developing- 
These lists denote the capabilities of 
specific targets- Those capabllitis* Include 
known and sus patted economic/ technical, phy- 
sical, and Military abilities. 1 ~ 



With the Indicator list being s tool 
for warning, the scale for warning la the 
norm, the target's normal level of activity* 
I4W analyst* use Indicator Itn ta to determine 
if current activities in their area of concern 
deviate sig nificant from tha normal level of 
activities. I~ 
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(0 OGO) To develop Indicators from histori- 
cal data, T&W analysts study the invo lvement 
of specific targets In military action. T 



Indicators baaed on normal 



activity are developed from the actions that 
lead up to the preparations for deployment of 
forces for an invasion or exercises, as well 
as from the actions observed during those 
events . 



(D"GC0) Developing indicators from a 
target's political or military doctrine tella 
I&W analysts what the target may do to prepare 
for hostilities* 




(S"CeO) Sources for indicators include all 
the major intellige nce collectors and sensors 
employed bu the US. \ 



The development and correlation of 
indicators is very important to warning* Indi- 
cator lists are developed from collected 
intelligence and the analysis of a foreign 
power's actions and doctrine- The sources of 
indicators are the intelligence collectors and 
sensors that the US employs in its defense* 
Indicator lists air I&W analysts ia determin- 
ing the status of a foreign power's military 
capability that decision-makers need to know 
in order to make the necessary decisions to 
protect US Interests* 
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uring the course "Japanese Cipher 
Devices Through World War II," which 
was a part of SPICE (the JSummer pro- 
gram in Intensive £ryptologic ISduca- 
(U) tion), some questions arose which 
neither the teacher nor students could answer. 
Two of those questions will be posed in this 
article, with the promise of future articles 
with additional questions and explanations of 
the systems Involved. 



46}- There were two goals in the course. 
The first was to study the history and solu- 
tion of Japanese cipher systems before and 
during World War II. The second was to try to 
solve the Japanese systems with our modern 
techniques* 



fS-h The students accepted the challenge to 
treat a set of World War II messages as 
unknown cipher. The results of the statisti- 
cal tests were not what the teacher (the 
author of this piece) had expected to see, 
based on her research of how the systems 
worked. The problem was that the messages 
which she had pulled from the Cryptologic Col- 
lection and typed onto the system did not all 
possess the properties that had originally 
made solution of the systems possible. It was 
necessary to tell the students what was sup- 
posed to have happened and then try to figure 
out why the runs had come out as they did. 



(U) The class watched the tapes of Frank 
Rowlett's talk on the solution of RED and 
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PURPLE, and of Frank Raven's recent talk in 
the Friedman Auditorium. These analysts 
imparted the excitement in achieving the ori- 
ginal solution, but students and teacher felt 
that both men underemphasized the difficulty 
of this achievement. 



(G) The material in the Crypto logic Collec- 
tion on RED was understandable and the stu- 
dents were able to solve the messages, given 
how the systems worked. It was not clear how 
the original analysts constructed the device 
from the cipher solution but one student wrote 
a program simulating RED motion. 



-r*J-The material on PURPLE was difficult 
and the explanations of the system's solution 
left certain questions unanswered. The first 
concerned the initial analysis of the system. 
The World War II analysts had the plain text 
for parts of 15 messages. In an intensive 
cryptanalytic study of these messages they 
found that the number of repetitions was much 
smaller than would be expected at random. 
Repetitions of three or four letters never 
represented the same plaintext letters. Con- 
versely, two identical plaintext letters In 
Sequence could never be represented by two 
Identical ciphertext letter. Friedman writes, 
"This phenomenon turns out to be the undoing 
of the machine." [I] However, he does not 
explain how the lack of repetitions wa9 
exploited . 



( D) The second question concerns the solu- 
tion of the system. The original analysts 
felt that they needed 20 to 25 messages with 
the same indicator on the same day to solve 
the system. They never found more than two 
messages that satisfied these conditions. 
Another idea was to convert messages with the 
same indicator, but on different days, to a 
common base. Out of a thousand messages, six 
were located with the indicator 59173. When 
reduced to a common base, these six messages 
became the key to the breaking of PURPLE. 
Friedman describes the process as "too diffi- 
cult to explain here." [2) 



The two unanswered questions are: 

1. How did the analysts use the repression of 
repetitions in solving PURPLE? and 

2. How were the messages with the same indi- 
cators, but on different days, reduced to 
a common base? 



i^H Further questions can be posed in an 
article which describes the system. In addi- 
tion, there is a course in the Cryptologic 
Collection on PURPLE with explanations and 
assignments. Though most of the explanations 
were understandable and the answers to the 
problems in the assignments were provided, 
something was lacking because the problems did 
not seem solvable. 



(C) Is there anyone at the Agency who 
worked with PURPLE or who once studied the 
PURPLE course material? Would anyone like to 
help resolve these puzzles? Could modern 
technique s solve the sys tems today? Please 
contact | | B63, on extension P.L. 86-36 

4871s. 



1. Friedman, William, "Preliminary History of 
the Solution of the B Machine," p. 4. 

2. Ibid., p. 5. 




WE ARE ALWAYS 
LOOKING FOR 

ARTICLES, COMMENTS, 
NOTES, LETTERS, 

THAT WOULD BE 

OF INTEREST TO 
OUR READERS 
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Going On-line With 
Information Aids (U) 

bj Jick Gar I Hp IR831I 
Sislens Research Libs 





hat we are in the information age is 
no longer debatable • For some years 
now we have been aware of the 
impressive advances being made in 
the business of acquiring, storing, 
retrieving, and displaying information- We 
are also assured that there is much more to 
come — smaller, better, faster— ^and we have no 
reason to question that claim* It is exciting 
to contemplate the possibilities, and not a 
little scary. Even if we wished to slow down 
or stop the process, there would be no way to 
do it, and so we speed along with the current. 



Of course it is the computer that is in the 
middle of the information explosion, and it is 
the computer that enables us to sit at home or 
in an office and be the recipient of all sorts 
of facts and figures, provided that we have 
subscribed to the appropriate service. If we 
really wanted to, we could see the entire 
daily New York Times on our screen by 0800 
each morning, but there are better ways to 
read the paper. On-line information services 
crisscross the country and there seems to be 
no limit in the kinds of information that may 
be provided. Too busy to read all the maga- 
zines and journals affecting your area of 
interest? You can subscribe to a service that 
summarizes all the Information for you- 
Reluctant to plow through all the stock market 
information in the papers to see how your 
investments are doing? You can be served pre- 
cisely the Information you need on a regular 
basis. The on-line services cater primarily 
to businesses, as one would expect, but the 
range of Information available in all fields 
is Impressive and it is growing all the time. 



It is In the cards that the computer will 
be asked to provide more and more answers to 
questions asked in the course of SIGINT 
analysis, and yet there remain many questions 
regarding the advantages of on-line versus 
off-line Information support. It Isn't easy 
to visualize a familiar operation like looking 
up a word, a person's name, a place name or an 
abbreviation without the comforting reas- 
surance of dictionaries, working aids, 
gazetteers, and other friendly reference 
works. It will take heavy-duty convincing to 
get some people to agree to give away their 
books and rely instead on the flickering 
images of that close relative of the medium 
that brings us "Charlie's Angels." 



We need to discover just how valuable on- 
line information would be for SIGINT analytic 
processes. Speculation will take us only so 
Ear, and we need to know for sure how useful 
It would be to have answers to our questions 
provided on the screen. Would it take less 
time? Would the answers be more accurate and 
complete than if one proceeded in the tradi- 
tional way? What would this do for SIGINT 
productivity? Output quality? How would the 
Individual transcriber or analyst react7 How 
valuable would it be for the linguist to be 
able to look up a the meaning of a word when 
he does not know either the beginning or the 
ending? What about place-names and maps being 
displayed on the screen? Or charts and 
diagrams? In our planning for large-scale 
systems of the future, what should our 
requirements be for on-line information sup- 
port? What will it do for (or to) the indivi- 
dual sitting in the middle of the system? 
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The answers to these and related questions 
are being sought by KEPLER, the laboratory in 
R83 that is working on a design for the ideal 
transcriber work station. In April and May of 
1982 a test was conducted in operational 
spaces, employing two transcriber teams in A67 
who continued to work on their regular 
traffic. A group of six information aids, 
some of them the most frequently used by tran- 
scribers, were made available in computer- 
retrievable form to the transcription teams. 
Experimental equipment was brought in to 
display answers to their queries on-line, and 
while one team used the experimental posi- 
tions, the other operated in normal fashion. 
Periodically the teams reversed roles and all 
the while trained observers were watching the 
operation and collecting data to permit an 
evaluation of on-line aids in the transcrip- 
tion process. 



It became apparent almost from the outset 
that the experimental on-line information aid 
system, nicknamed WALDO, would quickly become 
a favorite reference device for most of the 
transcribers participating in the test. 
WALDO, to the transcriber, was a second 
DD7000T screen that was controlled by the same 
keyboard that was used for creating tran- 
scripts. It was connected to a minicomputer 
that contained the information aids. The 
transcriber could and did ignore all of the 
experimental equipment but the second screen. 
The retrieval system was designed to be 
attractive and easy to use, and that WALDO was 
a most welcome tool is evident from comments 
made by the transcribers in their End-of-Test 
Questionnaires : 

^ "Easier and faster than paging through 
hardcopy." 

y "String-search allows scribe to look up 
words even when portions are unknown--a 
big help." 



V 



V 



V 



V 



"Pun to use." 



"It would be great if we could incor- 
porate WALDO/KEPLER into our permanent 
operations for the whole branch." 



"I hope this helps get us all on-line 
working aids because I feel the time we 
save using these aids is time we can use 
to concentrate on our ever-increasing 
workload. I know I've said this before, 
but I Just can't get over how convenient 
and easy this on-line system is. If all 
the working aids that we use with any fre- 
quency are put in WALDO, then we'd have 
that much more space in our desk." 



"With the ORTHO on-line, I find myself 
using it at least 10 times more than if I 
had to drag out that book for every Jumble 
of sounds I heard. It is easier with 
WALDO to try the various configurations of 
letters to see if a legit word turns up. 
Paging through the orthographic hardcopy 
was something I unfortunately avoided, 
which left flanks in my transcripts. But 
I find myself now filling in more blanks 
because it's easier to do with the ortho- 
graphic on-line. I think my work has 
definitely improved!" 



The observers who noted how aids were used 
during the test found in general that, when an 
information aid was available on-line in the 
experimental mode, it was used more frequently 
than its hardcopy equivalents In the control 
mode. Also significant was the finding that 
the average durations of aid use by tran- 
scribers tended to be shorter for on-line than 
for off-line aids. It should be noted that 
these savings were in worktime per individual 
query and did not necessarily result in a sav- 
ings in tape processing time. It is likely 
that, because it is so much easier and quicker 
to find answers in on-line aids, many more 
queries will be made than when only off-line 
aids are available. This would probably 
offset some of the savings in time but might 
do wonders for the quality of the product. 



•J "Caused scribe to look up more entries, 
thereby Improving quality of work." 

^ "Dread going back to STEPSTONE alone." 

J "Makes STEPSTONE look primitive in cora- 
^ parison." 



In addition to determining that on-line 
aids were used more frequently and took less 
time per query, it was also found that the 
subject transcribers were unanimous In prefer- 
ring the on-line version of most WALDO aids to 
any alternative form. 



While the results were far from conclusive 
in the calculations of the transcription work 
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factor, there were Btroog indications that 
working with on-line aide had reduced tran~- 
Bcrlption time as much as 18 or 19*. In view 
of the limitations of subject population, tar- 
gets, and cine, however, It is difficult to 
predict the probable impact of on-line aids on 
the transcription work factor in other target 
areas. 



highly desirable to make the retrieval of the 
info rustic n easier, faster, more timely, and 
more complete, all likely results from an 
effective on-line information system. 



Dow did they ever make reservations on the 
airlines before computers? 



In a related hut separate subtest, 150 
terms were selected randomly to determine how 
quickly one could look them up using WALDO 
versus using equivalent hardcopy or microfiche 
aids. Simulating operational conditions, both 
experimental and control, the tester kept 
track of the times it took to look up each of 
the terms on WALDO and on six off-line aide. 
He found that oa-line retrieval times were 
generally faster than other times. This find- 
ing came as no aurprise for those aids that 
are located away from the work area, In which 
case the on-line answer could be provided in 
as little as one seventh of the time. The 
unique characteristic of on-line files, that 
of providing the opportunity to Look for terms 
without knowing how they begin and end, was 
not tested because there was nothing in hard- 
copy or microfiche with which to compare it- 



SOLUTION TO NSA-CROSTIC No* 44 



"Language fin the 



News] , CRTPTOLOG, September 1974. 

,h Wheo Archbishop Casaroli, Vatican Secre- 
tary of State, came to Warsaw to consult 
with the Polish Foreign Hinister, the] 
spoke some Polish ... 'Let Cod guard Poland 
and lead It to great and happy goals,' he 
said, adding, 'tUech zyje Polskal' ('Long 
live Poland 1 ')" 



P.L. 86^36 



What happens next? There Is little doubt 
now that on-line Information aids are a GOOD 
THING and should become a standard feature of 
all works tatlona. It also seems that the 
effort and cost Involved in preparing aids for 
on-line retrieval would be, in many caaea, 
quite modest since a surprisingly large pro- 
portion of all hardcopy aide are produced 
through computer word -pro ceasing and therefore 
exist in digitized form. But It will take a 
commitment oa the part of systems planners and 
managers not only to bring in on-line aids but 
to follow through, for many of the aide 
require updating and new ones are waiting to 
be created. Perhaps what la needed is more 
evidence that on-line aids pay off handsomely 
In raising both the quantity and quality of 
the end product, and proof that transcribers, 
translators, and analysts would find their 
work so much more rewarding with on-line 
Information aids that they would be reluctant 
to leave for other types of employment. 




From: djh at ERMELIN 
Subject: Cryptolog subscription 
To: cryptolg at barlc05 
cc: djh 



The KEPLER experiment and test was directed 
toward the needs of transcribers, but the 
principles and techniques are capable of much 
broader application. It is characteristic of 
almost any analytic activity that the practi- 
tioner conault reference materials. It also 
aeens reasonable to assume that It vould be 



I'm tired of borrowing copies of Cryptolog 
and would appreciate receiving my own copy. 
Thanks. 
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QUESTIONS IN SEARCH OF A PQE (U) 



? 

H 



ere are the five questions submitted 
by the author for the Computer Sys- 
tem Analyst certif ication exam that 
never saw the light of day at the 
end of the tunnel. Choose the best 
answer, break, your #2 pencil when done, and 
then look. up. 



What are the chances of project success, 
in a matrix management environment? 

a. Slim and none. 

b. tt's fine for small projects. 

c. It's fine for large projects. 

d. Actually, it's the Individuals 
assigned that make the difference. 

e. Good, if you stick like glue to 81-2 
and 81-3 is your apogee. 



2« According to a current book about the 
agency, how many computers are there in 
the basement? 



S ? 

by Jasper T. Schmedlipp 

Just what is Computer Programming anyway? 
It's. . . 

a. All just l's and O's. 

b. An arcane art that Macbeth's witches 
would have enjoyed. 

c- A way to make a living. 

d. Where a man belongs. 

e. A hell of a lot of fun when we do it ( 
instead of everything else involved. 

If the program doesn't work, what to do? 

a. Run it again, just to be sure. 

b. Ask the gang In the carpool- 

c. Hope that that case never comes up. 

d. Consider using "GO TOs". 

e- Come back to it tomorrow with a fresh 
mind • 



a. Not too many, since the roadway is 100 
yards wide* 

b. Enough to decrypt the boss's handwrit- 
ing. 

c. It's classified, but the main ones are 
CARRILLON, STARFIRE, LOADSTONE , and 
WINDHILL. 

d. Just as many as they can possibly fit 
in, and then some. 

e. One for every man, woman, and child in 
(pick a county in the state of Mary- 
land). 



In l's complement arithmetic, +0 - -1 ; are 
the operations "minus" and "nonpluaed" 
also equivalent? 

a. Only oq the CDC peripheral processor, 
which has 4000 words of memory. 

b. Yea; but in Burroughs ALGOL, it's much 
more elegant. 

c. The C language doesn't make this dis- 
tinction and many others- 

d. Why not try it and see? After all, 
life is an open-book exam. 

e. No, but be careful for it in your 
local TELNET command language. 



To find the answers, look deep within your 
heart and pick the first things that float to 
the top of your head- 
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(G - GGO) Reminder: 



if you have any old codes or code 
materials, such as runs or tapes or 
cards or write-ups, and you're looking 
for a good home for them. I f ll be happy 



in. 



also 



to take them 
accepts such material. His address is 
T54, SAB 2 Door 3, and he can be reached 
on x2268s. 



P16, xll03s 
Bookbreaking and Cryptolinguistics Coordinator 





To: EdJt<£r., eKfPTQLOG 
Dear Ed: 



Kudos to | |for his perceptive, albeit 

scary, series on "SIGINT: 1990." He graphi- 
cally lays out the challenges facing the SIG- 
INT folks of that era, which is rapidly becom- 
ing more and more imminent. The table in the 
November article displaying the 64 teleser- 
vices envisaged by the French CNET study for 
the year 2000 can set one's mind adrift on a 
sea of imaginings in the sphere of social 
relationships, too. For example, a young 
bachelor of that day might embark on TELESUR- 
VEILLANCE to check out the field; or if that 
fails, there are TELEWANT ADS or TELESH0PPING 
as prelims to his TELECOtfPLE adventure, fol- 
lowed perhaps by TELE GAMES together — and then, 
sadly, by TELESWAP (if ardor cools)... The 
TELEpqssibilities boggle the mind. 



P13 

"P.L. 86-36 



Dec 82 * CRYPTOLOG * Page 16 



DOCID: 4009856 




KRYPTOS Society: 
Distinguished Miibirs 
md New SbiIIUI 



P.L. 86-36 




t the 14 September 1982 meeting of 
the KRYP TOS Society, President! 

announced the names of the 
Distinguished Members of 
The initial group was 



first U 
the Society 

selected from a list of over 100 candidates. 
Selection criteria were based solely on erypt- 
analytlc skills and achievements! To be eli- 
gible for consideration , a candidate must have 
retired since 1935 from tbe "official crypt- 
analytic community" in the United States, 
Great Britain, Australia, Canada, and Nev Zea- 
land- The following were eelected: 



Milllani Blank! na hi p 



[ 



8 6— 3 6 



Prescott Currie r 

I I 
William F. Friedman 
Hugh Ginger ich 
Solomon Xullback 

_ Francis ("Te d 1 ") Leahy 



William Lntwiniak 
Francis Raven 
Abraham Sinkov 
John Tiltman 

I I 

(U) In the future the KRYPTOS Society will 
publish a paper describing the achievements of 
these Distinguished Members. 



| Chatr- 



(V) At the same meeting | 

nan of the Logo and Seal Committee , presented 
the seal of the Society, which is based on the 
Gordian Knot. The following Is Joe" a version 
of the story: 

(U) Once upon a time in the ancient kingdom 
of Phrygia, the government had many problems, 
the ooBt immediate of which was to choose a 
new king- So the high officials went to con- 
sult the leading local oracle for advice on 



by 



su 



whom they should select for their king. The 
oracie gave them the following astonishing 
advice: "Choose the very next person who 
approaches the Temple of Zeue In a wagon. 
Then all will go well for Phrygia*" (History 
does not record how much the oracle was paid 
for this advice. ) 

<U) Along come a country farmer named Gor- 
dius and his wife, driving their oxcart into 
town and they pull up in front of the Temple- 
You can imagine Gordius' surprise when he is 
surrounded by government officials and other 
well-wishers heralding him as king. Well, 
Gordius was quite thrilled, to say the least, 
and to show his gratitude he tied hts oxen to 
the Tenple with a beautiful and Intricate 
knot- In fact, the knot was so Intricate that 
no one could untie It- Years vent by, and 
still no one was able to untie It. Centuries 
went by, and still no one could untie It, so 
that the legend grew that that the knot could 
be unraveled only by the one who was to be the 
conqueror of Asia- According to the atory, 
when Alexander the Great invaded Phrygia he 
was shown the Cordlan Knot. He took cut his 
sword and-~ln true, pragmatic, cryptanslytlc 
f ashlon-^slashed it apart- 



(U) | was the one who suggested 

Gordian Knot as the theme for the Kryptos 
lie also suggested that it could 
in the form of a shield with 

it: the 



the 

Society seal, 
be portrayed 

three Important elements depicted on 



knot, a sword, and a helmet. The knot depicts 
the cryptanalytlc problem; the gword depicts 
the tools of the cryptanalyst; and the helmet 
symbolizes the cryptanalyst — the helmet being 
a symbol of anonymity. The seal that we see 
today incorporates those three elements and 
adds the word KRYPTOS (Greek for "hidden" or 
"secret") across the top in Greek letters. 
The shield w as designed in its present form by 
lof L23 and professionally rendered 



by 



]of L2. 
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J excel- 



hile reading 

lent article in che October issue of 
CRYFTOLOG (p, 6), I could not help 
| becoming more and more unhappy under 
jmy "human factors hac." The article 
describes a recent compromise of a password 
file in one of our computer systems- It shows 
that the passwords, even though encrypted in 
the file, could easily be recovered by guess- 
work. It advises users to cooperate with the 
intent of protecting passwords by choosing 
passwords that "will not fall out through a 
simple analysis effort." I n order to make 
passwords harder to guess, | offers 

advice I will parsphrase as follows: 



the longer the passwords are, the batter; 



increase the alphabet size, for example, 
by miicing upper and lower case characters, 
numbers, and punctuation. 



This is all good advice, when we are maxim- 
izing only one value: that of making passwords 
as secure as possible. Unfortunately, the 
average computer user has multiple goals in 
his use of a computer system, only one of 
which is prevention of unauthorized access. 
All of ue at NSA are all too aware of the cru- 
cial Importance of security. Passwords are 
still a pain tu the neck to moat of us, con- 



The author's address for PLATFORM mail 
mary at mycroft- 



is 



stituting one more obstacle between us and our 
work at the terminal. We know they are neces- 
sary, but we also know that our lives are a 
lot easier if our password is 



^ short, 

^ easy to. type, and 
^ easy to remember . 



'P.L. 86-36 



Alas, we see that [ 



] good advice 



flies directly in the face of normal human 
factors design guidelines: to make passwords 
hard for potential trespassers to guess, we 
must make them even harder f or ourselve s to 
remember and type correctly! I I notgs 
rather plaintively that "there is not a single 
upper case character" in the 107 passwords 
recovered from the compromised list by guess- 
ing- There are good reasons for that absence 
of upper case characters, from the user's 
point of view: 
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first, It's hard to recall which letter 
or letters were upper, and which were 
lower case, especially in the meaning- 
less nonsense-words (e.g., "vkjrd") that 
are recommended as the best passwords; 



second, the shift key is a great error- 
maker in all typing, since it forces you 
to use two keys where one would do. All 
this guarantees that, if you create a 
password like "vKJ.r-dX", you will prob- 
ably have to type it over several times 
before you get it right. 



Computer Security folks may be saying 
"toughl" with little sympathy, since 
they are interested only in security. I 
can't quite look at it that way. 1 
think we have to remember that produc- 
tivity, efficient accomplishment of our 
Jobs, and good morale are also important 
values we need to maximize. 



I don't know what we can do about this con- 
flict of interest between computer security 
requirements and user friendliness. I can't 
help wondering why user identifications (ini- 
tials, organization) couldn't be enough to 
establish the necessary access restrictions 
and permissions when tied to user profiles or 
tables stored in the system software. Why do 
we need to depend on passwords at all? Might 
there not be other ways to enforce security at 
less cost to users? 



I suspect that this is only one of many 
similar conflicts in our software, some far 
more expensive to users than unlearnable, 
untypable passwords. My intention here is 
Just to point out the conflict. I am sure 
some of you could report similar situations, 
where file security, access restrictions, 
etc., create real problems for users in the 
way they are implemented. Those readers in 
the Computer Security business will doubtless 
have plenty to say on the other side of the 
issue. At any rate, I invite readers to send 
in their ideas on the topic of User Friendli- 
ness and (or versus, if you pr efer) Computer 



Security to me 
in a future 



for inclusion 



issue of the SIG/Human Factors 
Technical Notes and/or CRYPTOLOG. (Ed Note: 
what about using two passwords and letting the 
system combine them in some periodically 
changing way?) 

P.L. 86-36 




HUMAN FACTORS TECHNICAL NOTES 



The Computer 
Institute's Spe 
Factors, chaired 
lishes a serleB 
wide range of to 
wants to keep 
human factors. 



and Information Sciences 
clal Interest Group on Human 
by I I pub- 



of technical notes covering a 
pics of Interest to anyone who 
up with the growing field of 
The editor of the notes is 
^whpse name and articles you 
have been seeing on these pagea. 



P.L. 86-36 



Some of the articles in the Human Factors 
Technical Notes have been republished here in 
CRYPTOLOG, but if you want to keep up with the 
latest news, you should call Mary on x8845s 
(or send her a note via PLATFORM using the 
address 'mary at mycroft') and have your name 
placed on her mailing list. 



The most recent issue contains reviews and 
comments about recent articles and papers, 
includ ing : 



Ergonomics of Visual Display Terminals 
Human Factors Standards for Terminals 
Workplace Design 

Windowing vs. Scrolling on a Display Ter- 
minal 

Experiments with Terminals and Eyestrain 

Why Alphabetic Keyboards are not easy to 
use 

Furniture and Posture Problems 
Modelling Computer Data Entry 
Structured Menus 
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EO 1 . 4 . (c) 
P.L. 86-36 



NSA CROSTIC No. 45 



BY REED DAWSON (Retired) 



NOTE: The text of the quotation is 

classified CONFIDENTIAL - HVCCO, 
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THI S DOCUMENT CONTAIN S CODEWORD MATERIAL 

TO P S C C R CT 

US/UK/CAN/AUS/NZ EYES O M IY 



